Tag Archives: RSA

Hacking around with Twitter … ( Part 2 ! )

Cryptographically secure pseudorandom number g...

 (Photo credit: Wikipedia)

Well, I’m into day two of this project – well into the code now, and it’s comming on ok …

Phase 4(a) : Get Net::Twitter::Lite to connect to, pick up and update an account. This is pretty well documented in the examples on CPAN, although I’ve pared it right down to the minimum in just to get the post, as the date was throwing up an error, as it isn’t important to the proof of concept at this point ( might be a nicety later on … ) so the code stands like this just now …

#!/usr/bin/perl -w
#use strict;

use Net::Twitter::Lite;

#----------------------------------------------#
#                  This is :                   #
 $clientname = "twitter crypt";       #
#                  Version :                   #
 $clientver = "0.1";            #
#----------------------------------------------#
#            By : Simon Biles                  #
$clienturl="http://computersecurityonline.com";#
#----------------------------------------------#

$user="twcrypt";
$password="*********";

 my $nt = Net::Twitter::Lite->new(
 username => $user,
 password => $password,
 clientname => $clientname,
 clientver => $clientver,
 clienturl => $clienturl
 );

 my $result = eval { $nt->update('Hello, world!') };

 eval {
 my $statuses = $nt->friends_timeline();
 for my $status ( @$statuses ) {
 print "<$status->{user}{screen_name}> $status->{text}\n";
 }
 };
 warn "$@\n" if $@;

In theory the $clientname and $clientver should change the “via” entry, however this doesn’t seem to be the case as it appears to remain as “via Perl Net::Twitter” in TweetDeck.

This gives out the result of :

MacBook:TWCrypt si$ ./twcrypt.pl
 Hullooo ?
 twcrypt_a test
 Hello, world!

Which are either from <twcrypt> the result of the update or are pulling from the following list posts. So far so good !

Phase 4(b) : Right, now for RSA Encryption … If you aren’t familiar with RSA ( and I only vaugely remember the maths from University … ) it is a public key crypto system developed originally at GCHQ, although the offical secrets act meant that Ron Rivest, Adi Shamir, and Leonard Adleman got there independently. I’m _not_ going to go through how it works, mostly ‘cos I’d confuse the matter more, but the Wikipedia Article is pretty good ! Ignore the maths and work through the example to really get how it works 🙂

The example code for Crypt::OpenSSL::RSA isn’t quite so good, there are some typos which have left me stumped for ages … But I got there in the end, and in conjunction with MIME::Base64 have a way of encoding and decoding the strings into something that Twitter will accept. After playing around with key lengths, I’ve gone with 640bits, as this gives a nice ciphertext size of 110 chars and accomodates an encrypted message of upto 38 chars – not exactly War and Peace – I may have to implement that multi-part message sooner rather than later ! 640 bits also gives an RSA encoded key of 122 chars, so we are still comfortably within the 140 char Twitter limit.

#!/usr/bin/perl -w
#use strict;

use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
use MIME::Base64;

$plaintext = "12345678901234567890123456789012345678";
$good_entropy = "10010101001010101";

Crypt::OpenSSL::Random::random_seed($good_entropy);
Crypt::OpenSSL::RSA->import_random_seed();$rsa = Crypt::OpenSSL::RSA->generate_key(640);print "private key is:\n", $rsa->get_private_key_string();
print "public key (in PKCS1 format) is:\n", $rsa->get_public_key_string();print "Plaintext = $plaintext\n";
$ciphertext = $rsa->encrypt($plaintext);
print "Encrypted = -!-$ciphertext-!-\n";
$encoded = encode_base64($ciphertext);
$encoded_length = length $encoded;
print "Encoded = $encoded Length = $encoded_length\n";
$decoded = decode_base64($encoded);
print "Decoded = $decoded\n";
$decrypted = $rsa->decrypt($decoded);
print "Decrypted = $decrypted\n";

This gives us an output of :

MackBook:TWCrypt si$ ./twcrypt.pl
private key is:
-----BEGIN RSA PRIVATE KEY-----
MIIBgwIBAAJRAO2VqyVoQFyJkddP+zPzUuoyfDZVaPgn8LxHKFNETwVKdcAOfvm4
koOBcMcGGgwhaFQjEeg5JpNXBvXg67CbWvGpSLpCxonhFdoJprFAC/GBAgMBAAEC
UQCF0hGuZkQqW0qMTn6dymZfh8QzDnSrokOUqTfrfsRLpJ8iaIfYvL+4wPBb0+9z
1DALyIk9SX+MVTwdE7zanrHAxZVOb/zWVioVca0ih3M4yQIpAPi5mTO0lVU4mSw5
acNoPJhkJp901OYgCXVK75MiKJSb+31TmjSoSo8CKQD0iKdHs1ieaoMMx/K91Zmi
dnb80l7aRkU04OZ1ed201OMyP489D0rvAikA+JxzkOYo+iT3nefJWqO/Jce9f1dF
UrylF5OOgm/7RgffyfadxZKN6wIoRczYCwRrkFSQ8c4FQSC+iPxNvJ8ECkQyrwRf
ZDsUCPEXpRk1dtVtqwIobkZm67KhVm5Hp4NRhWIiFODNuzcfwZfakM8Fhvk9dBtv
1GAKqXOeEQ==
-----END RSA PRIVATE KEY-----
public key (in PKCS1 format) is:
-----BEGIN RSA PUBLIC KEY-----
MFgCUQDtlaslaEBciZHXT/sz81LqMnw2VWj4J/C8RyhTRE8FSnXADn75uJKDgXDH
BhoMIWhUIxHoOSaTVwb14Ouwm1rxqUi6QsaJ4RXaCaaxQAvxgQIDAQAB
-----END RSA PUBLIC KEY-----
Plaintext = 12345678901234567890123456789012345678
Encrypted = -!-g$S9?+?????<}&3~?"?q?    ?=???):??R'?+?/?*3?:??x:??p{?!?o??-??m??ʣ??N?<ɍI?q-!-
Encoded = ZyRTOa8rH531r56PPH99JjN+ryKEcYoJhD2WgqUpOtjIUieLFCuqL5ccKjPuOokT9ng6/NBwe5wh
HOtvkfct4cxtl8LKo4HFTos8yY1J+3E=
 Length = 110
Decoded = g$S9?+?????<}&3~?"?q?    ?=???):??R'?+?/?*3?:??x:??p{?!?o??-??m??ʣ??N?<ɍI?q
Decrypted = 12345678901234567890123456789012345678

So that all appears to be working ok …

Phase 4(c): Stich the two things together into a useable program ! This is only a proof of concept, so I’m going to just write a simple command line utility with a few switches to show the point, the plan ( at the moment ) is to end up with something like this :

twcrypt [--genkey keyfile] [--publishkey keyfile] [--getkeys] [--showkeys] [--encrypt to] [--getmessages keyfile] [--user user] [--pass password]

I hope that is quite self explanitory, but read on anyhoo and you’ll get the drift I’m sure …

I got somewhat distracted last night by a terrible film rental (“Thick as Thieves”, Morgan Freeman and Antonio Banderas – don’t bother, it’s not worth it … ) so I’ve not finished this off yet – I thought that I’d post this much and then the final part soon.

Tagged , , , , , ,